[Cryptography] canonicalizing unicode strings.
John Levine
johnl at iecc.com
Mon Jan 15 22:30:30 EST 2018
In article <20180115161208.GA2547 at fedora-23-dvm> you write:
>If possible I always recommend using a whitelist rather than the blacklist
>approach shown above, which will inevitably get out of date as new unicode
>homoglyphs and near-homoglyphs get added to unicode.
I think the normal approach is to accept strings only in a single
script. Mixed scripts are generally malicious in any sort of
identifier context.
R's,
John
More information about the cryptography
mailing list